Hackers claim attacks against ImageShack, Symantec, PayPal, other websites:

Anonymous goes on a hacking spree on Guy Fawkes Day


Executive Summary:

A group called HTP (Hack the Planet) claimed to have compromised ImageShack and yfrog on November 04, 2012. They claimed to have "root and physical control of every server and router they own. For years." In a post on Pastebin, they shared source code, configuration files, database information, internal network IP assignments and other information that they claimed to have taken from the ImageShack servers. HTP claims that the reason for the attack on ImageShack was to test how well the company had strengthened its security since a breach in 2009.

HTP also claims to have hacked the well-known security company Symantec. In the Pastebin post, HTP included names, email addresses and hashed passwords of hundreds of users that it claims to have stolen from a Symantec database. HTP also boasts that the information it has posted does not include everything it has stolen, and claims that more information has been compromised.

Then, on November 05, 2012, the Hack the Planet group claimed to have compromised PayPal and stolen user account information from its database. Both Symantec and PayPal have commented, saying that they are investigating the claims and taking the threats very seriously. However, neither company has shared any information on whether the breach is valid or what it is doing to protect user information. What may be even more alarming is that HTP claims to have control of all the antivirus corporations.

Analysis:

One way companies can detect breaches and attacks is to perform routine audits of log files. These audits tell the company who has accessed certain files and what they have done in those files. They can also help companies identify breakdowns in implementation. Companies should also identify where these hackers got in and do a weakest-link analysis to determine where the company is vulnerable. When a company discovers where the attacker was able to gain access, it should strengthen the controls in that area to prevent additional breaches.

One way that companies can prevent attackers' packets from coming into the company's network is to use firewalls. However, a firewall will only drop packets that are provable attacks. Firewalls filter packets in different ways to determine whether a packet is an attack packet. The company should analyze the different types of firewalls and select the type that best suits it, and may even use multiple firewalls to better protect itself.

Companies should, however, store their data in a way that keeps it protected even if an attacker is able to get into the network and steal the data. If the company properly encrypts that data, the hackers should not be able to read and use it even if they have gained access to it. It appears that Symantec has hashed the passwords of its users before storing them in its databases. However, users should use strong passwords so that the attacker is not able to recognize the hash when they take the data. If a user chooses an insecure password, specifically one that contains common words, it is easy for attackers to crack it. Therefore, companies should put controls in place that require their users to use strong passwords; these controls can require a certain length and certain characters, and can warn users not to use common words or common techniques to create passwords. Companies can also break passwords up, hash the pieces and store the pieces in different databases. This would mean that the hacker cannot use the piece they have, even if they are able to crack it, without the other piece. This would make the information the attackers stole useless and the time and resources that they used to compromise the network a waste.
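
One way to implement the password controls described above (required length, required character types, no common words or common substitution tricks), as an added example that is not part of the original article. The minimum length, the short word list and the substitution table are assumptions chosen for illustration.

```python
import re

# Assumed policy value; the article names the control but gives no number.
MIN_LENGTH = 12
# Constructed sample list; a real deployment would load a large list of
# common and previously breached passwords.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey",
                "letmein", "qwerty", "admin", "summer"}
# Common character swaps ("common techniques") undone before the word check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# Character types the policy requires (assumed set).
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def normalize(text):
    """Lower-case, undo common substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def policy_violations(password, username=""):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing a {name}")
    flat = normalize(password)
    for word in sorted(COMMON_WORDS):
        if word in flat:
            problems.append(f"contains the common word '{word}'")
    user = normalize(username)
    # Skip very short or empty names to avoid false matches.
    if len(user) >= 3 and user in flat:
        problems.append("contains the user name")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("P@ssw0rd2012!", "short1A!", "vT9#kqLm2&xRz8"):
        print(candidate, "->", policy_violations(candidate) or "accepted")
```

The first sample satisfies the length and character rules yet is still rejected, which is why the common-word check has to look past simple character swaps.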